| | | 
New Member
         
Group: Forum Members Last Login: 8/2/2008 11:00 AM Posts: 84, Visits: 133 |
| | I don't understand after reformatting my HP pavillion elite recovery manager busy 4 times over in the last month and have no idea as to why my mouse floats or why after ridding myself of all of my nortons security issues and trying two free highly rated anti virus and firewall. If you could just glance at my Hijack this and if it is nothing but a tracking cookie so be it, I just don't want to start over again.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:55 AM, on 8/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
" Hello Monkey, this is Captain TweakXP, you need to get out of the house now, the hacker is in your house get out NOW!"
God B
monkey |
| | | | 
Senior Forum Moderator
         
Group: Moderators Last Login: 8/9/2008 10:14 AM Posts: 29,030, Visits: 54,734 |
| Welcome
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Download and scan with CCleaner:
http://www.ccleaner.com/download/builds
1. Starting with v1.27.260, CCleaner started installing the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free 'Slim' version instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
* Clean all entries in the "Internet Explorer" section except Cookies.
* Clean all the entries in the "Windows Explorer" section.
* Clean all entries in the "System" section.
* Clean all entries in the "Advanced" section.
* Clean any others that you choose.
In the Applications Tab:
* Clean all except cookies in the Firefox/Mozilla section if you use it.
* Clean all in the Opera section if you use it.
* Clean Sun Java in the Internet Section.
* Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "Exit" when done.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, DSS will open two Notepads: main.txt and extra.txt which will be minimized to your taskbar.
* If not, they both can be found in the C:\Deckard\System Scanner folder.
* Use Save As to save both Notepad files to your Desktop and post them in your next reply.
________________________________________

ASAP & UNITE member since 2006


 |
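The fix list in the reply above targets entries whose registration ends in `(no file)`. The following is an added example, not part of either poster's messages and not a HijackThis feature: a small parser that pulls findings out of a pasted log, even when line breaks were lost or moved, and sorts them into "fix" and "review". The two `(no file)` lines are the ones quoted in the reply; every other sample line is constructed, and the two "review" rules (AppInit_DLLs, services with "Unknown owner") are assumptions of this example, not the moderator's criteria.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A HijackThis finding starts with a section code such as "O2 - " or "R1 - ".
# The body runs until the next code or the "-- End of file" trailer, so the
# same pattern copes with logs whose line breaks were lost or moved on paste.
ENTRY_RE = re.compile(
    r"(?:^|(?<=\s))(?P<code>[RFNO]\d{1,2}) - (?P<body>.*?)"
    r"(?=\s+(?:[RFNO]\d{1,2} - |-- End of file)|\s*$)",
    re.S,
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample input. Only the two "(no file)" entries come from the thread; the
# rest is constructed. One entry is wrapped mid-path and three share a line.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program
Files\Example\helper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -min
O20 - AppInit_DLLs: C:\Windows\system32\example32.dll
O23 - Service: Example Helper Service (exsvc) - Unknown owner - C:\Program Files\Example\svc.exe
-- End of file - 1234 bytes
"""


@dataclass
class Finding:
    code: str              # HijackThis section code, e.g. "O2"
    action: str            # "fix" (orphaned entry) or "review" (needs a human)
    clsid: Optional[str]   # CLSID in the entry, if it has one
    reason: str
    entry: str             # whitespace-normalised entry text


def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Return (code, body) for every finding; header and process list are skipped."""
    return [
        (m["code"], " ".join(m["body"].split()))  # undo wraps inside an entry
        for m in ENTRY_RE.finditer(log_text)
    ]


def triage(log_text: str) -> List[Finding]:
    findings = []
    for code, body in parse_entries(log_text):
        m = CLSID_RE.search(body)
        clsid = m.group(0) if m else None
        if body.endswith("(no file)"):
            # Registry entry survives but its target file is gone: the kind
            # of leftover the reply above selects for "Fix checked".
            findings.append(Finding(code, "fix", clsid,
                                    "registration points to no file on disk", body))
        elif (code == "O20" and body.startswith("AppInit_DLLs:")
              and body.split(":", 1)[1].strip()):
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so confirm the DLL belongs to software the user installed.
            findings.append(Finding(code, "review", clsid,
                                    "DLL injected via AppInit_DLLs", body))
        elif code == "O23" and " - Unknown owner - " in body:
            # HijackThis found no company name for the service binary.
            findings.append(Finding(code, "review", clsid,
                                    "service binary has no company name", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.action:6} {f.code:3} {f.reason}: {f.entry}")
```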
| | | | 
New Member
         
Group: Forum Members Last Login: 8/2/2008 11:00 AM Posts: 84, Visits: 133 |
| Thank you for responding, I did all you said except I cannot get the DSS to download with my download manager as well as Windows default download. I wrote in my original post about Macrovision and Flexnet they or this program wants to startup with my computer and in the task manager it is issch.exe. I had done a scan with my free anti virus Avira and Comodo scans and Comodo found a virus and I quarantined it. But now it sits there and doesn't say it is infectious. So confused. The Macrovision though is when this odd behavior started for me again, are you familiar with it? I will wait for your response on the Deckard issue.
" Hello Monkey, this is Captain TweakXP, you need to get out of the house now, the hacker is in your house get out NOW!"
God B
monkey |
| | | | 
Senior Forum Moderator
         
Group: Moderators Last Login: 8/9/2008 10:14 AM Posts: 29,030, Visits: 54,734 |
| If you're able to, download and run the FLEXnet Connect Software Manager Uninstaller:
http://support.installshield.com/kb/files/Q112918/SoftwareManagerUninstall.exe
The file is also attached below if it helps at all.
Forget Deckard's System Scanner, do the following instead:
Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
The file is also attached below.
Note
It is important that it is saved directly to your desktop
Now close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window or do anything else on your pc while it's running.
That may cause the program/system to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
Also post a new Hijackthis log please.
________________________________________

ASAP & UNITE member since 2006


 |
| | | | 
New Member
         
Group: Forum Members Last Login: 8/2/2008 11:00 AM Posts: 84, Visits: 133 |
| | I used the macrovision uninstaller you linked to me and I assume it worked, however in my windows defender startup the two entries where I had disabled them prior still show, can I now remove them from windows defender? Also when running the combofix the anti vira or virus free software is a bugger to shutdown all the way but I was able too and ran the combo fix a second time as the administrator no one else uses my home computer. So here are the results for both the combo and hijack logs you requested. ps: After this issue at hand is resolved could you direct me to or advise me on why my computer vista system has 80 process that run in boot up in memory? I have tried the disabled route via "name escapes me" popular website on what to run, disable, automatic etc with XP but have yet tried it with Vista home premium. knowing vista was a hog had no idea just how piggish it really is
Combofix:
ComboFix 08-08-12.01 - ]
Running from: C:\Users\ThomZen27\Desktop\ComboFix.exe
* Created a new restore point
The following files were disabled during the run:
C:\Windows\system32\guard32.dll
 |
| |
|